Cisco VTP/VLAN issue
-
We have been using PFSense in both our offices and our production environment at a colo data center happily since the founding of our company. Unfortunately our production environment has outgrown PFSense and I am tasked with migrating to Cisco ASA 5510s and Catalyst 4507 layer 3 switch cabs. I finally got the IPSec tunnel working between our office PFSense router (YEA!) using the same supernet config we had in place before. As part of a staged migration, however, we had plugged the production PFSense router into the 4507 cabs and moved all of our servers onto those switch blades to get the increase in bandwidth. That has been working fine and the only roadblock was the IPSec tunneling issue. When I tried to cut over and unplugged the production PFSense router from the switch, however, I found I could not route internally on the layer 3 switch. This was working fine in testing prior to plugging in the PFSense router to those switches. The issue appears to be a corrupted VTP VLAN database on the Catalyst 4507s. The reason I am posting here is that VTP reports it was last updated on 8/8/2011 by address IP x.x.132.2, which is the day we plugged in the PFSense router, and is also the IP address of the PFSense router. We lost half the VLANs, and VTP does not seem to be able to remove or add new ones.
Has anyone else run into this? Is there a known issue with PFSense and Cisco VLANs? Does anyone have a suggestion on how to fix this? Unplugging the PFSense router and rebooting the switches does not have an effect, but based on the date and IP of the last update, it seems almost certain that PFSense is the cause of the issue. There is no VLAN service running on PFSense either, so I don't understand what or why this happened.
Thanks in advance!
Here is the relevant output from Cisco:
show vtp status
VTP Version capable : 1 to 3
VTP version running : 2
VTP Domain Name : corp
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0017.5abd.a700
Configuration last modified by x.x.132.2 at 8-30-11 17:39:31 - (from me… bold IP and date match PFS router and date it was plugged into switch)
Local updater ID is 10.0.132.4 on interface Vl1 (lowest numbered VLAN interface found)
Feature VLAN:
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 6
Configuration Revision : 1
show vlan
VLAN Name Status Ports
1 default active Gi1/3, Gi1/4, Gi1/5, Gi1/6, Gi3/3, Gi3/4, Gi4/2, Gi4/3, Gi4/4, Gi4/5, Gi4/6, Gi4/7
Gi4/8, Gi4/9, Gi4/10, Gi4/11, Gi4/12, Gi4/13, Gi4/14, Gi4/15, Gi4/16, Gi4/17, Gi4/18
Gi4/19, Gi4/20, Gi4/21, Gi4/22, Gi4/23, Gi4/24, Gi4/25, Gi4/26, Gi4/27, Gi4/28
Gi4/29, Gi4/30, Gi4/31, Gi4/32, Gi4/33, Gi4/34, Gi4/35, Gi4/36, Gi4/37, Gi4/38
Gi4/39, Gi4/40, Gi4/41, Gi4/42, Gi4/43, Gi4/44, Gi4/45, Gi4/46, Gi4/47, Gi4/48
30 VLAN0030 active Gi3/17, Gi3/18, Gi3/19, Gi3/20, Gi3/21, Gi3/22, Gi3/23, Gi3/24, Gi3/25, Gi3/26
Gi3/27, Gi3/28, Gi3/29, Gi3/30, Gi3/31, Gi3/32
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
1 enet 100001 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - - ibm - 0 0
VLAN AREHops STEHops Backup CRF
1003 0 0 off
Remote SPAN VLANs
Primary Secondary Type Ports
The 2 missing VLANs are the production VLANs, 10 & 20 respectively, but routing between existing VLANs also appears to be an issue now. All VLANs were there prior and routing between them was working fine. Thanks Again!
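An added example, not part of the original post: a small Python audit that reads `show vtp status` and `show vlan` text like the output above and reports who stamped the last VTP change and which expected VLANs are gone. The function names are hypothetical, the sample text is trimmed from the post, and the expected VLAN set (1, 10, 20, 30) is assumed from the poster's description.

```python
import re

# Constructed sample, trimmed from the output quoted in the post.
VTP_STATUS = """\
VTP version running : 2
VTP Domain Name : corp
Configuration last modified by x.x.132.2 at 8-30-11 17:39:31
Local updater ID is 10.0.132.4 on interface Vl1 (lowest numbered VLAN interface found)
VTP Operating Mode : Server
Number of existing VLANs : 6
Configuration Revision : 1
"""
VLAN_TABLE = """\
1 default active Gi1/3, Gi1/4
30 VLAN0030 active Gi3/17, Gi3/18
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
"""

def parse_vtp_status(text):
    """Collect 'key : value' fields plus the two updater addresses."""
    info = {k.strip(): v.strip() for k, s, v in (l.partition(" : ") for l in text.splitlines()) if s}
    m = re.search(r"^Configuration last modified by (\S+) at", text, re.M)
    info["last_modifier"] = m.group(1) if m else None
    m = re.search(r"^Local updater ID is (\S+)", text, re.M)
    info["local_updater"] = m.group(1) if m else None
    return info

def parse_vlan_ids(text):
    """VLAN IDs from the first `show vlan` table; port continuation lines are skipped."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)\s+\S+\s+(?:active|act/\S+|suspended)", text, re.M)}

def audit(status_text, vlan_text, expected_vlans):
    """expected_vlans is the operator's own list (assumed here, not read from the switch)."""
    info = parse_vtp_status(status_text)
    findings = []
    if info["last_modifier"] != info["local_updater"]:
        findings.append(f"last change stamped by {info['last_modifier']}, not local updater {info['local_updater']}")
    if info.get("VTP Operating Mode") in ("Server", "Client") and info.get("VTP version running") in ("1", "2"):
        findings.append(f"VTP v1/v2 {info['VTP Operating Mode']}: a higher-revision advertisement "
                        f"for domain '{info.get('VTP Domain Name')}' replaces the local VLAN database")
    missing = sorted(set(expected_vlans) - parse_vlan_ids(vlan_text))
    if missing:
        findings.append(f"expected VLANs missing: {missing}")
    return findings
```

Calling `audit(VTP_STATUS, VLAN_TABLE, {1, 10, 20, 30})` on the sample returns three findings, the last of which names VLANs 10 and 20.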
-
You haven't nearly outgrown the project if you're replacing with a 5510; the only time that's remotely feasible is if you're at the point where you need a 5580.
There is nothing on pfSense that can affect VTP in any way.